05/14/08:

A little more debugger action: filled in op_debug. All debugger control
flow works now, but variable inspection and backtraces still don't.

SunSpider reports no change.

VM/CodeGenerator.cpp: Changed op_debug to accept line number parameters.

VM/Machine.cpp:
(KJS::Machine::getFunctionAndArguments): Moved op_debug into a
NEVER_INLINE function to avoid a stunning 10% performance regression.
Also factored out a common function for retrieving the function and
arguments from a call frame.

kjs/JSActivation.cpp:
(KJS::JSActivation::createArgumentsObject): Use the new factored out
function mentioned above.

kjs/Parser.cpp:
(KJS::Parser::parse): Increment m_sourceId before assigning it, so the
sourceId we send to the debugger matches the sourceId recorded in the
node.

rendering/RenderLayer.cpp:
(WebCore::RenderLayer::~RenderLayer): Changed to not call removeLayers()
on the reflection if the document is being destroyed, because in that
case the layer tree is not being maintained.

LayoutTests:

Reviewed by Mark Rowe.

test for <rdar://problem/5907633> Memory corruption after closing a document that uses box-reflect

(WebCore::JavaScriptDebugServer::sourceParsed): Adds #ifdefed
debugging code to prevent the sourceID and URL.
(WebCore::updateCurrentCallFrame): Added. A helper function that
is called from all 4 of the debugger hooks below. This function will
update and/or create JavaScriptCallFrames to match the exec state,
sourceID and lineNumber passed into it. Contains #ifdefed debugging
code that was helpful while fixing this bug.
(WebCore::JavaScriptDebugServer::callEvent): Call updateCurrentCallFrame
before pauseIfNeeded.
(WebCore::JavaScriptDebugServer::atStatement): Ditto.
(WebCore::JavaScriptDebugServer::returnEvent): Ditto.
(WebCore::JavaScriptDebugServer::exception): Ditto.

page/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::isProgressIndicator):
(WebCore::AccessibilityRenderObject::isPressed): Check the aria-
pressed attribute if this is an ARIA button.
(WebCore::AccessibilityRenderObject::headingLevel): Check the aria-
level attribute if this is an ARIA heading.
(WebCore::AccessibilityRenderObject::intValue): Check the aria-
checked attribute if this is an ARIA radio button or checkbox.
(WebCore::AccessibilityRenderObject::valueForRange):
(WebCore::AccessibilityRenderObject::maxValueForRange):
(WebCore::AccessibilityRenderObject::minValueForRange):
(WebCore::RoleEntry::):
(WebCore::AccessibilityRenderObject::canSetValueAttribute):

page/InspectorController.cpp: Add the ability to retrieve all of the
profiles in JavaScript from the InspectorController.
(WebCore::allProfiles):
(WebCore::InspectorController::windowScriptObjectAvailable):

page/JavaScriptFunctionCallProfile.cpp: Added. Wrapper around the JSC
FunctionCallProfile.
(WebCore::functionCallProfileCache): This cache makes sure we don't
needlessly create duplicate wrappers around the same
FunctionCallProfile*.
(WebCore::getFunctionName): Callback to return the name of the function.
(WebCore::getTotalTime): Callback to return the total time spent in the
function.
(WebCore::getSelfTime): Callback to return the time spent in self (total

time in children) in the function.
(WebCore::getNumberOfCalls): Callback to return the number of times this
function was called.
(WebCore::getChildren): Callback to return the children of this function
where the children are the functions this function called.
(WebCore::finalize): Cleanup.
(WebCore::functionCallProfileClass): Define the JSClassRef for this
object.
(WebCore::toJS): Create a conversion function to make a usable JSValue
to wrap the FunctionCallProfile in JSC.

page/JavaScriptFunctionCallProfile.h: Added.

page/JavaScriptProfile.cpp: Added. Wrapper around the JSC Profile.
(WebCore::profileCache): This cache makes sure we don't needlessly
create duplicate wrappers aroudn the same Profile*.
(WebCore::getHeadCallback): Callback to return the head of the graph of
the functions profiled durring this profile's run.
(WebCore::finalize):
(WebCore::profileClass): Define the JSClassRef for this object.
(WebCore::toJS): Create a conversion function to make a usable JSValue
to wrap the Profile from JSC.

Opacity, transforms, reflections and masks should not honor z-index unless the element is also
positioned. Always reset to auto if the element is not positioned (and then the following code will
adjust auto to 0 as needed).

page/inspector/Console.js:
(WebInspector.ConsoleMessage.prototype._format): Changed to explicitly
wrap Console._format instead of using bind to do it. Using bind was
causing us to pass plainText in as the first parameter instead of as
the second.

Commit r26474 removed escaping of '>' characters to '&gt;' in serialized
HTML content, which broke one jQuery test. This change restores that
serialization behavior to both attributes and content for consistency.

editing/markup.cpp:
(WebCore::appendAttributeValue): Escape '>' as '&gt;'.
(WebCore::escapeContentText): Ditto.
(WebCore::appendEscapedContent): Ditto. This is the bug fix for the jQuery test.

m_inspectedPage is now cleared when the Page is destroyed, which never
used to happen. Some of InspectorController's code was not prepared
for this.

Reviewed by Dave Hyatt.

page/InspectorController.cpp:
(WebCore::InspectorController::~InspectorController): Removed a call
to stopDebugging and added an assertion. Debugging should have already
been stopped by this point.
(WebCore::InspectorController::inspectedPageDestroyed): Moved here
from the header file. Added a call to stopDebugging.
(WebCore::InspectorController::enabled): Return false if our inspected
Page has already been destroyed, since we can't really do much at this
point anyway.
(WebCore::InspectorController::didCommitLoad):
(WebCore::InspectorController::didLoadResourceFromMemoryCache):
(WebCore::InspectorController::identifierForInitialRequest):
(WebCore::InspectorController::startDebuggingAndReloadInspectedPage):
(WebCore::InspectorController::stopDebugging):
(WebCore::InspectorController::drawNodeHighlight):
Assert that m_inspectedPage hasn't been cleared.

editing/Editor.cpp:
(WebCore::Editor::confirmComposition): Remove the previous composition
when we insert the new one, not with a separate, slower, delete operation.
(WebCore::Editor::setComposition): Ditto.

editing/InsertTextCommand.cpp:
(WebCore::InsertTextCommand::performTrivialReplace): Remove the selected
text with a low level operation that doesn't perform a layout and insert
the new text in a way that won't trigger a layout from the removal.
(WebCore::InsertTextCommand::input): Call the optimized replace.

editing/InsertTextCommand.h:

editing/htmlediting.cpp:
(WebCore::isTabSpanNode): Check to see if the node is a span, to avoid
the expense of getAttribute in the common case.

page/Page.cpp:
(WebCore::Page::~Page): Fixed a bug and added a call to the new
inspectedPageDestroyed. If we have a parent InspectorController, that
means that we are the Page in the Inspector's window (i.e., we are the
Inspector's UI), so when we are destroyed we should call
InspectorController::pageDestroyed. We also need to call
inspectedPageDestroyed on our own InspectorController so that it won't
try to call into us.

(WebCore::JavaScriptDebugServer::setPauseOnExceptions): Set m_pauseOnExceptions.
(WebCore::JavaScriptDebugServer::exception): Check m_pauseOnExceptions
and set m_pauseOnNextStatement to true before calling pauseIfNeeded.

Rename the Scope Chain pane to Scope Variables. Name the global
object Global. Name objects before the locals "With Block".
Name colsure scopes "Closure". Name any element or document
after Local, "Event Target" and "Event Document", respectfully.

Reviewed by Adam Roben.

English.lproj/localizedStrings.js: Add new strings.

page/inspector/ObjectPropertiesSection.js:

(WebInspector.ObjectPropertiesSection): Add a new argument that is used
for the empty placeholder text.
(WebInspector.ObjectPropertiesSection.prototype.onpopulate): Use the
empty placeholder text.

page/inspector/ScopeChainSidebarPane.js:

(WebInspector.ScopeChainSidebarPane): Rename Scope Chain to Scope Variables.
(WebInspector.ScopeChainSidebarPane.prototype.update): Use the object name as
the subtitle. Use "Global" for the global object title. Use "With Block" for
the title of objects before the locals. Use "No Variables" for the empty
placeholder text for locals.

Of all Cf characters, we are only removing BOM, because this is what Firefox trunk has
settled upon, after extensive discussion and investigation.

Based on Darin's work on this bug.

Test: fast/js/removing-Cf-characters.html

kjs/lexer.cpp:
(KJS::Lexer::setCode): Tweak formatting. Use a call to shift(4) to read in the
first characters, instead of having special case code here.
(KJS::Lexer::shift): Add a loop when reading a character to skip BOM characters.

In Opera, Firefox and IE, when an attribute node has a value
of "", the attribute node doesn't have any childNodes. This
is true in WebKit also, but not when you assign "" to the
Attr's value when the existing value is non-empty.

Test: fast/dom/attribute-empty-value-no-children.html

dom/Attr.cpp: (WebCore::Attr::setValue): Use createTextChild(), which only appends
a child text node if the value being assigned is not empty.

This fixes a number of issues. The most important is that we now check every register
file for tainting rather than just looking for function register files as that was
insufficient. Additionally guarded against implicit re-entry into Eval code.

Also added a few additional assertions to reduce the amout of time between something
going wrong and us seeing the error.

emitThrowError needs to return the temporary holding the error, not dst,
since dst may be NULL. In fact, emitThrowError shouldn't take a dst
parameter at all, since exceptions should not modify the destination
register.

VM/CodeBlock.h: A little refactoring here. Store a pointer to our
owner ScopeNode so we can retrieve data from it. This allows us to
stop storing copies of the data ourselves. Also, store a "this" register
instead of a code type, since we were only using the code type to
calculate the "this" register.

VM/CodeGenerator.cpp:
(KJS::CodeGenerator::generate): Calculate the "this" register mentioned
above. Also, take care of removing "this" from the symbol table after
codegen is done, since relying on the timing of a destructor for correct
behavior is not so good.

kjs/debugger.h: Removed debuggersPresent because it was unused.
Replaced AttachedGlobalObject linked list with a HashSet because HashSet
is faster and simpler. Changed all functions to return void instead of
bool, because no clients ever return false, and we don't want to support
it.

Fixes a crash seen in Xcode where CallUIDelegateReturningBoolean
was referencing a nil WebView under validateUserInterfaceItem.
The validateUserInterfaceItem methods was being called at a time
when the WebHTMLView is being torndown.

<rdar://problem/5806229> A crash occurs at CallUIDelegateReturningBoolean()
while mousing down on menu bar after Xcode News window is opened

Reviewed by Ada Chan.

WebView/WebHTMLView.mm:

(-[WebHTMLView validateUserInterfaceItem:]): NULL check the WebView and
return NO when it is nil. Adds a comment.

Fixes the assertion and crash that would happen when inspecting a element from a frame.
This change makes JSInspectedObjectWrapper pass unwrapped objects around for global objects
that share the same page group identifier. Also returns jsUndefined() instead of 0 to prevent
crashing in release builds if the page groups don't match.

Fixes the hang that could happen when option-clicking to expand
a disclosure triangle in the Properties pane. This change limits
the recursion depth when expanding the tree elements.

<rdar://problem/5847681> Safari hangs when option-clicking a
disclosure triangle in the Inspector's Properties pane

Reviewed by John Sullivan.

page/inspector/treeoutline.js:

(TreeElement.prototype.expandRecursively): Pass an empty info object to
traverseNextTreeElement to get the depthChange value. This is used to
compute a current depth. If the depth exceeds the maxDepth argument, the
item isn't expanded and children wont be populated when traverseNextTreeElement
is called until the depth goes below the maxDepth.
(TreeElement.prototype.traverseNextTreeElement): Added a new info
argument that can be optionally used to return extra info like depth change.

Implements the rest of the Scripts panel to get the debugger
mostly working. "Basic debugging seems to work."

Reviewed by Geoff Garen.

English.lproj/localizedStrings.js: Adds new strings.

page/inspector/Resource.js:

(WebInspector.Resource.prototype.get scripts): Returns _scripts and
creates it lazily.
(WebInspector.Resource.prototype.addScript): Add the script object to the
front of the _scripts array.
(WebInspector.Resource.prototype.removeAllScripts): Removed all the scripts
and removes the resource back-reference.
(WebInspector.Resource.prototype.removeScript): Removes the script and
breaks the resource back-reference.

page/inspector/ResourceView.js:

(WebInspector.ResourceView): Adds a reminder comment.
(WebInspector.ResourceView.prototype.get headersVisible): Returns _headersVisible.
(WebInspector.ResourceView.prototype.set headersVisible): Stubs out
a setter that currently just sets _headersVisible. Has a comment that
points out this needs implemented when network headers are added.

page/inspector/ResourcesPanel.js:

(WebInspector.ResourcesPanel.prototype.show): Sets the headersVisible property of
the visible view to true and shows it again, in case it was being shown in Scripts.
(WebInspector.ResourcesPanel.prototype.recreateViewForResourceIfNeeded):
Copies the headersVisible property from the old view to the new view.
(WebInspector.ResourcesPanel.prototype.showResource): Sets the headersVisible
property to true before showing.

page/inspector/ScriptView.js:

(WebInspector.ScriptView): Passes in _addBreakpoint for the add breakpoint delegate.
(WebInspector.ScriptView.prototype._addBreakpoint): Calls ScriptsPanel's addBreakpoint
for the current Script.sourceID and line.

page/inspector/ScriptsPanel.js:

(WebInspector.ScriptsPanel):
(WebInspector.ScriptsPanel.prototype.show): Sets the headersVisible property of
the visible view to false and shows it again, in case it was being shown in Resources.
(WebInspector.ScriptsPanel.prototype.addScript): Makes a new Script object and
adds it to a Resource if one is found. Registers any breakpoint that match
the new Script's source URL, and sets the sourceID of the breakpoints.
(WebInspector.ScriptsPanel.prototype.addBreakpoint): Adds the breakpoint to the
BreakpointsSidebarPane. Also adds it to _breakpointsURLMap so it can be found
later in addScript by URL. Finally adds the breakpoint to the SourceFrame that
represents the resources or script.
(WebInspector.ScriptsPanel.prototype.removeBreakpoint): Removes the breakpoint from
the BreakpointsSidebarPane, _breakpointsURLMap and SourceFrame.
(WebInspector.ScriptsPanel.prototype.debuggerPaused): Update the debugger
state variables, the buttons and the CallStackSidebarPane.
(WebInspector.ScriptsPanel.prototype.reset): Clears and resets debugger
and interface state.
(WebInspector.ScriptsPanel.prototype.get visibleView): Returns _visibleView.
(WebInspector.ScriptsPanel.prototype.set visibleView): Sets _visibleView and
calls hide on the old view and show on the new view.
(WebInspector.ScriptsPanel.prototype.showScript): Calls _showScriptOrResource.
(WebInspector.ScriptsPanel.prototype.showResource): Ditto.
(WebInspector.ScriptsPanel.prototype.scriptViewForScript): Lazily creates a
ScriptView for the Script and returns it.
(WebInspector.ScriptsPanel.prototype.sourceFrameForScript): Returns the SourceFrame
for the Script.
(WebInspector.ScriptsPanel.prototype._sourceFrameForScriptOrResource): Returns the
SourceFrame based on the type of object passed in.
(WebInspector.ScriptsPanel.prototype._showScriptOrResource): Shows the view based on
the type of object passed in. If the object is a resource and there are breakpoints
defined for that Resource URL, then populate the SourceFrame with the breakpoints.
(WebInspector.ScriptsPanel.prototype._addScriptToFilesMenu): Adds a script to the
files menu. If the Script is part of a resource, that resource is added.
(WebInspector.ScriptsPanel.prototype._removeScriptFromFilesMenu): Remove a script from
the files menu. If that script is part of a resource and it is the last script of that
resource, then remove the whole resource.
(WebInspector.ScriptsPanel.prototype._clearCurrentExecutionLine): Clears the execution
line from the SourceFrame that is showing it.
(WebInspector.ScriptsPanel.prototype._callFrameSelected): Event listener for when the
call frame changes in the CallStackSidebarPane. Triggers updates to the ScopeChainSidebarPane
and the visible view.
(WebInspector.ScriptsPanel.prototype._changeVisibleFile): Event listener for the change state
of the files select element.
(WebInspector.ScriptsPanel.prototype._updateDebuggerButtons): Update more of the
buttons to reflect the current debugger state. Updates the status text too.
(WebInspector.ScriptsPanel.prototype._toggleDebugging): Reset the UI and state when
the debugger is attached/detached.
(WebInspector.ScriptsPanel.prototype._togglePause): Call InspectorController.resumeDebugger or
InspectorController.pauseInDebugger depending on the paused state.
(WebInspector.ScriptsPanel.prototype._stepOverClicked): Call InspectorController.stepOverStatementInDebugger.
(WebInspector.ScriptsPanel.prototype._stepIntoClicked): Call InspectorController.stepIntoStatementInDebugger.
(WebInspector.ScriptsPanel.prototype._stepOutClicked): InspectorController.stepOutOfFunctionInDebugger.

page/inspector/SourceView.js:

(WebInspector.SourceView): Passes in _addBreakpoint for the add breakpoint delegate.
(WebInspector.SourceView.prototype._addBreakpoint): Calls ScriptsPanel's addBreakpoint
for the nearest Script's sourceID and passed in line.

Adds implementations of the Scope Chain and Call Stack sidebar panes.
These panes use the JSJavaScriptCallFrame object that will be passed
to the update functions.

Reviewed by Kevin McCullough.

English.lproj/localizedStrings.js: Adds new strings.

WebCore.vcproj/WebCore.vcproj: Adds new files.

page/inspector/CallStackSidebarPane.js:

(WebInspector.CallStackSidebarPane.prototype.update): Walk the
caller chain of the call frame and make placards for each.
(WebInspector.CallStackSidebarPane.prototype.get selectedCallFrame):
Return _selectedCallFrame.
(WebInspector.CallStackSidebarPane.prototype.set selectedCallFrame):
Set _selectedCallFrame and dispatch the "call frame selected" event.
(WebInspector.CallStackSidebarPane.prototype._placardSelected):
Set the selectedCallFrame based on the clicked placard.

page/inspector/Placard.js: Added. A user interface object that can

be used to show a title and a subtitle block with a selected state.

page/inspector/ScopeChainSidebarPane.js: Added.

(WebInspector.ScopeChainSidebarPane): Call the base object and set the title.
(WebInspector.ScopeChainSidebarPane.prototype.update): Iterate over the
call frame's scope chain and make ObjectPropertiesSections for each.

Factored most of SourceView out into SourceFrame so it can be shared
by the new ScriptView. Added the ScriptView class to be used for
scripts that arn't Resources (like eval code.) Added a simple Script
object that hold the data from the debugger parsedSource hooks. A
ScriptView holds a Script object, and uses it for source data.

Added breakpoint and execution line support to the SourceFrame
where they are visually represented in the source.

Reviewed by Kevin McCullough.

page/inspector/inspector.js:

(WebInspector.performSearch): Change the caller of sourceFrameForResource
to use the SourceFrame result's element property.

(WebInspector.BreakpointsSidebarPane): Add a breakpoints array.
(WebInspector.BreakpointsSidebarPane.prototype.addBreakpoint):
Adds the breakpoint to the breakpoints array. Registers for the disabled
and enabled event types. Call InspectorController.addBreakpoint if attached.
(WebInspector.BreakpointsSidebarPane.prototype.removeBreakpoint):
Removes the breakpoint from the breakpoints array. Deregisters for the disabled
and enabled event types. Call InspectorController.removeBreakpoint if attached.
(WebInspector.BreakpointsSidebarPane.prototype._breakpointEnableChanged):
Call InspectorController.addBreakpoint or InspectorController.removeBreakpoint
depending on the enabled state of the breakpoint.

Make addSourceToFrame not dependent on InspectorResource so it
can be used to add source of a passed in string and mime-type to
a frame. Added addResourceSourceToFrame for use by SourceView.

Also fixes an assertion because of an incorrect static_cast of identifiers
to unsigned long long, when they can be unsigned.

Reviewed by Geoff Garen.

page/InspectorController.cpp:

(WebCore::addSourceToFrame): Helper function used by addSourceToFrame
and addResourceSourceToFrame.
(WebCore::addSourceToFrame): Generalized to take a source and mime-type string.
(WebCore::addResourceSourceToFrame): Renamed from addSourceToFrame.
(WebCore::getResourceDocumentNode): Fixes the static_cast to be long long.
(WebCore::InspectorController::windowScriptObjectAvailable): Adds
addResourceSourceToFrame to the JavaScript class.

Implements more debugger APIs on JavaScriptDebugServer and reduces
the number of callbacks to JavaScriptDebugListeners. These changes
will better facilitate debugger optimizations when SquirrelFish merges.

(WebCore::JavaScriptDebugServer::JavaScriptDebugServer): Initialize new data members.
(WebCore::JavaScriptDebugServer::~JavaScriptDebugServer): Delete all values of m_breakpoints.
(WebCore::JavaScriptDebugServer::removeListener): Call resume if the last listener was removed.
(WebCore::JavaScriptDebugServer::hasListenersInterestedInPage): Returns true if there are any
global listeners or a listener for the page.
(WebCore::JavaScriptDebugServer::addBreakpoint): Adds and entry to m_breakpoints.
(WebCore::JavaScriptDebugServer::removeBreakpoint): Removes a entry in m_breakpoints.
(WebCore::JavaScriptDebugServer::hasBreakpoint): Checks if there is a breakpoint for the
sourceID and line.
(WebCore::JavaScriptDebugServer::clearBreakpoints): Removed all breakpoints.
(WebCore::JavaScriptDebugServer::pauseOnNextStatement): Sets m_pauseOnNextStatement to true.
(WebCore::JavaScriptDebugServer::resume): Sets m_paused to false.
(WebCore::JavaScriptDebugServer::stepIntoStatement): Calls resume and sets
m_pauseOnNextStatement to true.
(WebCore::JavaScriptDebugServer::stepOverStatement): Calls resume and sets m_pauseOnExecState to
the current call frame's ExecState.
(WebCore::JavaScriptDebugServer::stepOutOfFunction): Calls resume and sets m_pauseOnExecState to
the current call frame's caller ExecState.
(WebCore::JavaScriptDebugServer::currentCallFrame): Returns m_currentCallFrame if paused.
(WebCore::dispatchDidParseSource): Removed the ExecState argument.
(WebCore::dispatchFailedToParseSource): Ditto.
(WebCore::JavaScriptDebugServer::sourceParsed): Doesn't pass the ExecState to dispatchDidParseSource
or dispatchFailedToParseSource.
(WebCore::dispatchFunctionToListeners):
(WebCore::JavaScriptDebugServer::dispatchFunctionToListeners): Removes all the arguments passed
to the callback.
(WebCore::JavaScriptDebugServer::setJavaScriptPaused): Various overloaded functions
to pause parts of WebCore to prevent JavaScript execution while paused.
(WebCore::JavaScriptDebugServer::pauseIfNeeded): Decides if the debugger should pause based
on the passed in ExecState, source ID and line number. This checks for breakpoints, stepping, etc.
Calls didPause on all the listeners and spins a EventLoop until resume is called.
(WebCore::JavaScriptDebugServer::callEvent): Call pauseIfNeeded.
(WebCore::JavaScriptDebugServer::atStatement): Ditto.
(WebCore::JavaScriptDebugServer::returnEvent): Ditto.
(WebCore::JavaScriptDebugServer::exception): Ditto.

Adds a JavaScriptCallFrame object and JavaScript binding with an IDL.
This object will expose the stack to the Inspector's debugger.

Reviewed by Adam Roben.

DerivedSources.make: Add JavaScriptCallFrame.

bindings/js/JSJavaScriptCallFrameCustom.cpp: Added.

(WebCore::JSJavaScriptCallFrame::evaluate): Calls impl evaluate and returns the result.
(WebCore::JSJavaScriptCallFrame::scopeChain): Makes an array of the ScopeChain.

page/JavaScriptCallFrame.cpp: Added.

(WebCore::JavaScriptCallFrame::JavaScriptCallFrame):
(WebCore::JavaScriptCallFrame::caller): Returns m_caller.
(WebCore::JavaScriptCallFrame::functionName): Returns the function
name from the ExecState if this is not global code or anonymous.
(WebCore::JavaScriptCallFrame::evaluate): Evaluates a script string
in the scope of the call frame.

page/JavaScriptCallFrame.h: Added.

(WebCore::JavaScriptCallFrame::create): Call the ctor can return in a PassRefPtr.
(WebCore::JavaScriptCallFrame::invalidate): Sets m_mexec to 0. This prevents a
stale ExecState from being accessed after the lifetime of the ExecState.
(WebCore::JavaScriptCallFrame::isValid): Checks if m_exec is 0.
(WebCore::JavaScriptCallFrame::execState): Returns m_exec.
(WebCore::JavaScriptCallFrame::sourceIdentifier): Returns m_sourceID.
(WebCore::JavaScriptCallFrame::line): Returns m_line.
(WebCore::JavaScriptCallFrame::setLine): Sets m_line.
(WebCore::JavaScriptCallFrame::scopeChain): Returns by reference m_exec->scopeChain().

Add a new WebInspector.Object base class that will be used for
a few objects in the Web Inspector to support listeners on any
object. This will help add more abstraction to the Inspector.

Reviewed by Adam Roben.

page/inspector/Object.js: Added.

(WebInspector.Object): Does nothing.
(WebInspector.Object.prototype.addEventListener): Adds the listener to
the _listeners map by type. Supports a this object argument, for easy
addition of listeners without the need for bind.
(WebInspector.Object.prototype.removeEventListener): Remove the listener
from the _listeners map. If the listener is null and the thisObject was
passed, remove any listener for that thisObject.
(WebInspector.Object.prototype.dispatchEventToListeners): Sends an event
for a type to all listeners for that type. Mimics some of the DOMEvent
methods and properties for the event object passed to the listeners.

Some upcoming changes to JavaScriptDebugServer and
JavaScriptDebugListener will break WebScriptDebugServer. Since Drosera
is being replaced by the Inspector's debugger, and Drosera is the only
client of WebScriptDebugServer, it makes more sense to get rid of
WebScriptDebugServer than to update it to keep it working.

We can't actually remove WebScriptDebugServer entirely yet, so I've
just made it non-functional. This will completely break Drosera, but
as stated above, Drosera's days are numbered anyway.

Reviewed by Tim Hatcher and Kevin McCullough.

WebCoreSupport/WebFrameLoaderClient.cpp:
(WebFrameLoaderClient::dispatchDidLoadMainResource): Removed all code
in this function.

Replace old attempt at "branchless" exceptions as the extra information
being passed made gcc an unhappy compiler, replacing these custom toNumber
calls with ordinary toNumber logic (by relying on toNumber now preventing
side effects after an exception has been thrown) provided sufficient leeway
to add the additional checks for the remaining unchecked cases.

This leaves only toString conversions in certain contexts as possibly
misbehaving.

First steps toward supporting the debugger API: support the sourceParsed
callback; plus some minor fixups.

SunSpider reports no regression.

VM/CodeGenerator.h: Removed a misleading comment.

kjs/Parser.h: Changed the parser to take an ExecState*, so it can
implement the sourceParsed callback -- that way, we only have to
implement the callback in one place.

kjs/debugger.cpp: Nixed DebuggerImp, because its sole purpose in life
was to demonstrate the misapplication of design patterns.

kjs/debugger.h: Changed sourceParsed to take a SourceProvider, to
reduce copying, and not to return a value, because pausing execution
after parsing is complicated, and no clients needed that ability, anyway.

kjs/grammar.y: Make sure never to pass a NULL SourceElements* to
didFinishParsing -- that simplifies some code down the road.

kjs/nodes.cpp: Don't generate special AST nodes just because the
debugger is attached -- that's a relic of the old AST execution model,
and those nodes haven't been maintained.

<rdar://problem/5841351> Turkish ISO 8859-9 encoding should be treated as windows-1254

Match IE and upgrade ISO-8859-9 to windows-1254, which is its strict superset.

Test: fast/encoding/char-decoding.html

platform/text/TextCodecICU.cpp:
(WebCore::TextCodecICU::registerExtendedEncodingNames): Register the standard name
unconditionally. Previously, we registered windows-949-2000 as a special case that lacked
an IANA standard name, and got away with not registering GBK because it happened
to be reported by ICU normally earlier than any encoding upgraded to it.

Unfortunately we cannot create new statically optimised globals if there are any
tainted RegisterFiles on the RegisterFileStack. To handle this we re-introduce
(in a slightly cleaner form) the inImplicitCall concept to the RegisterFileStack.

Functions now save a shared subrange of the original source used
to make them (so in the common case this adds no storage above the
memory cache).

kjs/SourceProvider.h: Added.
(KJS::SourceProvider): New abstract base class for classes that provide on-demand access
to the source for a JavaScript program. This allows function objects to have access to their
original source without copying.
(KJS::UStringSourceProvider): SourceProvider subclass backed by a KJS::UString.
(KJS::UStringSourceProvider::create):
(KJS::UStringSourceProvider::getRange):
(KJS::UStringSourceProvider::data):
(KJS::UStringSourceProvider::length):
(KJS::UStringSourceProvider::UStringSourceProvider):

kjs/SourceRange.h: Added.
(KJS::SourceRange::SourceRange): Class that holds a SourceProvider and a character range into
the source, to encapsulate on-demand access to the source of a function.
(KJS::SourceRange::toString):

VM/Machine.cpp:
(KJS::eval): Pass a UStringSourceProvider to the parser.

kjs/Parser.cpp:
(KJS::Parser::parse): Take a SourceProvider and pass it on to the lexer.

kjs/Parser.h:
(KJS::Parser::parse): Take a SourceProvider.

kjs/lexer.cpp:
(KJS::Lexer::setCode): Take a SourceProvider; keep it around, and
use it to get the raw buffer and length.

kjs/lexer.h:
(KJS::Lexer::sourceRange): Convenience function to get a source
range based on the lexer's source provieder, and char offsets
right before and after the desired range.

kjs/function.cpp:
(KJS::globalFuncEval): Pass a UStringSourceProvider to the parser.

kjs/function_object.cpp:
(KJS::functionProtoFuncToString): Use toSourceString to get the source.
(KJS::FunctionObjectImp::construct): Give the parser a UStringSourceProvider.

kjs/grammar.y: When parsing a function declaration, function
expression, or getter or setter, tell the function body about its
SourceRange.

kjs/interpreter.cpp:
(KJS::Interpreter::checkSyntax): Pass a SourceProvider to the parser.
(KJS::Interpreter::evaluate): Pass a SourceProvider to the parser.

kjs/interpreter.h:

kjs/nodes.h:
(KJS::FunctionBodyNode::setSource): Establish a SourceRange for this function.
(KJS::FunctionBodyNode::toSourceString): Get the source string out
of the SourceRange.
(KJS::FuncExprNode::): Take a SourceRange and set it on the body.
(KJS::FuncDeclNode::): ditto

kjs/testkjs.cpp:
(prettyPrintScript): Use a SourceProvider appropriately.

JSRun.cpp:
(JSRun::Evaluate): Use UString version of eveluate() instead of
the now departed UChar*/length variant; use of the lower-level
version was gratuitous in any case.
(JSRun::CheckSyntax): Ditto for checkSyntax().

Restored the expected results for viewsource-empty-attribute-value.html
to what they were prior to r31100. These results expect that the
top-level name in the frame path is "" instead of "1".

It's not clear how r31100 changed the top-level frame in the frame path
to be named "1". The change definitely wasn't related to any expected
behavior in r31100, which was about default margin-bottom for form
elements in quirks mode.

It's also not clear how squirrelfish changes things back.

Sam mentioned that the test result changes intermittently on trunk.

For now, I don't think we need to think deeply about this issue,
since the "" result seems more correct than the "1" result.

Instead of mucking around in the JavaScript engine's execution state,
throwing an exception sets a global exception string, along with the
environment in which to throw it. An ObjC callback checks the global
exception string and, if it's non-nil and the environment matches the
current exceution environment, throws the global exception string as a
JS exception.

I also removed the old currentGlobalObject infrastructure: it's no longer
used.

VM/CodeBlock.cpp:
(KJS::CodeBlock::dump): Fixed op_call_eval to dump as "op_call_eval".
This helped me while debugging.

VM/Machine.cpp:
(KJS::Machine::unwindCallFrame): When looking for an activation to tear
off, don't use the scope chain. Inside eval, the scope chain doesn't
belong to us; it belongs to our calling function.

Also, don't use the needsFullScopeChain flag to decide whether to tear
off the activation. "function.arguments" can create an activation
for a function whose needsFullScopeChain flag is set to false.

To facilitate merging between the squirrelfish branch and trunk, I
edited a bunch of layout tests to make sure their results don't depend
on the exact text of an exception message generated by the JavaScript engine.

(We do want to test JavaScript exception messages -- we just don't want
to test them 300 times over, in tests that aren't supposed to be about
JavaScript at all.)

I fixed bugs that were causing these tests to throw exceptions by accident,
and updated results to reflect correct behavior:

VM/Machine.cpp:
(KJS::Machine::privateExecute): Separated scope chain deref from
activation register copying: since it is now possible for client code
to create an activation on behalf of a function that otherwise wouldn't
need one, having an activation no longer necessarily means that you need
to deref the scope chain.

(KJS::Machine::getCallFrame): For now, this function only examines the
current scope. Walking parent scopes requires some refactoring in the
way we track execution stacks.

kjs/ExecState.cpp:
(KJS::ExecState::ExecState): We use a negative call frame offset to
indicate that a given scope is not a function call scope.

VM/Machine.cpp:
(KJS::Machine::privateExecute): Check for exception return from equal,
since toPrimitive can throw.

kjs/operations.cpp:
(KJS::strictEqual): In response to an error I made in an earlier version
of this patch, I changed strictEqual to make clear the fact that it
performs no conversions and can't throw, making it slightly more efficient
in the process.

Cleaned up Machine.cpp according to our style guidelines: moved static
data to the top of the file; moved stand-alone functions below that;
moved the Machine constructor above other Machine member functions.

A bit more efficient fix than r32832: Don't copy globals into function
register files; instead, have the RegisterFileStack track only the base
of the last *global* register file, so the global object's register
references stay good.

Remove safe/unsafe RegisterFile concept, and instead just add additional
logic to ensure we always push/pop RegisterFiles when executing getters
and setters, similar to the logic for valueOf and toString.

This patch makes getters and setters work. It does this by
tracking whether the RegisterFile is "safe", that is whether
the interpreter is in a state that in which it can handle
the RegisterFile being reallocated.

Partial fix. This results in all implicit calls to toString or valueOf
executing in a separate RegisterFile, so ensuring that the the pointers
in the triggering interpreter don't get trashed. This still leaves the
task of preventing new global re-entry from toString and valueOf from
clobbering the RegisterFile.

kjs/AllInOneFile.cpp: Removed JSActivation.cpp from AllInOneFile.cpp
because that seems to make GCC happy. (Previously, I had added
JSActivation.cpp to AllInOneFile.cpp because *that* seemed to make GCC
happy. So it goes.)

Groundwork for more handling of "arguments". I'm not checking in the
actual handling of "arguments" yet, because it still needs a little
fiddling to avoid a performance regression.

SunSpider reports no change.

VM/Machine.cpp:
(KJS::initializeCallFrame): Put argc in the register file, so the
arguments object can find it later, to determine arguments.length.

kjs/nodes.h:
(KJS::FunctionBodyNode::): Added a special code accessor for when you
know the code has already been generated, and you don't have a scopeChain
to supply for potential code generation. (This is the case when the
activation object creates the arguments object.)

Basically completes recursion limiting. There is still some
tuning we may want to do to make things better in the face of
very bad code, but certainly nothing worse than anything already
possible in trunk.

Put a limit on the level of reentry recursion. 128 levels of re-entrant recursion
seems reasonable as it is greater than the old eval limit, and a long way short of
the reentry depth needed to overflow the stack.

Degenerate handling of "arguments" as a property of the activation
object. Currently, we just return a vanilla object.

SunSpider reports no change.

Fixes:

ecma_3/Function/regress-94506.js.

Reveals to have been secretly broken:

ecma_3/Function/15.3.4.3-1.js
ecma_3/Function/15.3.4.4-1.js

These tests were passing incorrectly. testkjs creates a global array
named "arguments" to hold command-line arguments. That array was
tricking these tests into thinking that an arguments object with length
0 had been created. Since our new vanilla object shadows the global
property named arguments, that object no longer fools these tests into
passing.

Net change: +1 failing test.

kjs/AllInOneFile.cpp: Had to put JSActivation.cpp into AllInOneFile.cpp
to solve a surprising 8.6% regression in bitops-3bit-bits-in-byte.

We now check the activation register, instead of the codeBlock, to
determine whether we need to tear off the activation. This is to support
"f.arguments", which will create an activation/arguments pair for f,
even though the needsFullScopeChain flag is false for f's codeBlock.

The test fixes resulted from calling initializeCallFrame for re-entrant
function code, instead of initializing (not enough) parts of the call
frame by hand.

(1) In "with" and "catch" scopes, we would construct a ScopeChain
object and then jump across its destructor, leaking the ScopeChainNode
we had pushed.

(2) In global and eval scopes, we would fail to initially ref
"scopeChain", causing us to overrelease it later. Now that we ref
"scopeChain" properly, we also need to deref it when the script
terminates.

To prevent incorrectly reusing what will become the result register for
eval and global code execution, we need to request and ref the destination
in advance of codegen. Unfortunately this may lead to unnecessary copying,
although in future we can probably limit this. Curiously SunSpider shows
a progression in a number of tests, although it comes out as a wash overall.

This patch replaces the current partial finally support (which uses code
duplication to achieve what it does) with a subroutine based approach.
This has a number of advantages over code duplication:

Reduced code size

Simplified exception handling as the finaliser code only exists in
one place, so no "magic" is needed to get the correct handler for a
finaliser.

When we support instruction to line number mapping we won't need to
worry about the dramatic code movement caused by duplication

On the downside it is necessary to add two new opcodes, op_jsr and op_sret
to enter and exit the finaliser subroutines, happily SunSpider reports
a performance progression (gcc amazes me) and ubench reports a wash.

While jsr and sret provide a mechanism that allows us to enter and exit
any arbitrary finaliser we need to, it was still necessary to increase
the amount of information tracked when entering and exiting both finaliser
scopes and dynamic scopes ("with"). This means "scopeDepth" is now
the combination of "finaliserDepth" and "dynamicScopeDepth". We also
now use a scopeContextStack to ensure that we pop scopes and execute
finalisers in the correct order. This increases the cost of "with" nodes
during codegen, but it should not be significant enough to effect real
world performance and greatly simplifies codegen for return, break and
continue when interacting with finalisers.

VM/CodeGenerator.h: Made the default codegen buffers bigger. SunSpider
runs all tests in one global environment, so you end up with more than
128 locals. This is just a stop-gap until we code up a real
solution to arbitrary symbol and label limits.

This is somewhat more convoluted than the simple hadException checks
we currently use. Instead we use special toNumber conversions that
select between the exception and ordinary vPC. This allows us to
remove any branches in the common case (incrementing a number).

Fixed a codegen bug when returning from inside a dynamic scope (a with
or catch block): we need to pop any dynamic scope(s) that have been
added so op_ret can find the activation object at the top of the scope
chain.

kjs/nodes.cpp:
(KJS::ReturnNode::emitCode): If we're returning from inside a dynamic
scope, emit a jmp_scopes to take care of popping any dynamic scope(s)
and then branching to the return instruction.

Fixed a codegen bug in with and switch, and added an ASSERT to
make sure it doesn't happen again.

emitCode() assumes that dst, if non-zero, is either referenced or
non-temporary (i.e., it assumes that newTemporary() will return a
register not equal to dst). Certain callers to emitCode() weren't
guaranteeing that to be so, so temporary register values were being
overwritten.

VM/CodeGenerator.h:
(KJS::CodeGenerator::emitNode): ASSERT that dst is referenced or non-temporary.

kjs/nodes.cpp:
(KJS::CommaNode::emitCode): Reference the dst we pass.

(KJS::WithNode::emitCode): No need to pass an explicit dst register.

(KJS::CaseBlockNode::emitCodeForBlock): No need to pass an explicit dst register.
(KJS::SwitchNode::emitCode): No need to pass an explicit dst register.

kjs/nodes.h: Made dst the last parameter to emitCodeForBlock, to match
emitCode.

Most emitCode functions take an optional "dst" parameter that says
where the output of the instruction should be written. I made some
functions for convenient handling of the dst register:

VM/CodeGenerator.h:
(KJS::CodeGenerator::tempDestination): Takes the dst register. Returns it if
it is not null and is a temporary, otherwise allocates a new temporary. This is
intended for cases where an intermediate value might be written into the dst

(KJS::CodeGenerator::finalDestination): Takes the dst register and an optional
register that was used as a temp destination. Picks the right thing for the final
output. Intended to be used as the output register for the instruction that generates
the final value of a particular node.

(KJS::CodeGenerator::moveToDestinationIfNeeded): Takes dst and a
RegisterID; moves from the register to dst if dst is defined and
different from the register. This is intended for cases where the
result of a node is already in a specific register (likely a
local), and so no code needs to be generated unless a specific
destination has been requested, in which case a move is needed.

I also applied these methods throughout emitCode functions. In
some cases this was just cleanup, in other cases I fixed actual
codegen bugs. Below I have given specific comments for the cases
where I believe I fixed a codegen bug, or improved quality of codegen.

kjs/nodes.cpp:
(KJS::NullNode::emitCode):
(KJS::FalseNode::emitCode):
(KJS::TrueNode::emitCode):
(KJS::NumberNode::emitCode):
(KJS::StringNode::emitCode):
(KJS::RegExpNode::emitCode):
(KJS::ThisNode::emitCode): Now avoids emitting a mov when dst is
the same as the this register (the unlikely case of "this = this");
(KJS::ResolveNode::emitCode): Now avoids emitting a mov when dst
is the same as the local regiester, in the local var case (the
unlikely case of "x = x");
(KJS::ArrayNode::emitCode): Fixed a codegen bug where array
literal element expressions may have observed an intermediate
value of constructing the array.
(KJS::ObjectLiteralNode::emitCode):
(KJS::PropertyListNode::emitCode): Fixed a codegen bug where object literal
property definition expressions may have obesrved an intermediate value of
constructing the object.
(KJS::BracketAccessorNode::emitCode):
(KJS::DotAccessorNode::emitCode):
(KJS::NewExprNode::emitCode):
(KJS::FunctionCallValueNode::emitCode):
(KJS::FunctionCallBracketNode::emitCode):
(KJS::FunctionCallDotNode::emitCode):
(KJS::PostIncResolveNode::emitCode):
(KJS::PostDecResolveNode::emitCode):
(KJS::PostIncBracketNode::emitCode):
(KJS::PostDecBracketNode::emitCode):
(KJS::PostIncDotNode::emitCode):
(KJS::PostDecDotNode::emitCode):
(KJS::DeleteResolveNode::emitCode):
(KJS::DeleteBracketNode::emitCode):
(KJS::DeleteDotNode::emitCode):
(KJS::DeleteValueNode::emitCode):
(KJS::VoidNode::emitCode):
(KJS::TypeOfResolveNode::emitCode):
(KJS::TypeOfValueNode::emitCode):
(KJS::PreIncResolveNode::emitCode): Fixed a codegen bug where the final
value would not be output to the dst register in the local var case.
(KJS::PreDecResolveNode::emitCode): Fixed a codegen bug where the final
value would not be output to the dst register in the local var case.
(KJS::PreIncBracketNode::emitCode):
(KJS::PreDecBracketNode::emitCode):
(KJS::PreIncDotNode::emitCode):
(KJS::PreDecDotNode::emitCode):
(KJS::UnaryPlusNode::emitCode):
(KJS::NegateNode::emitCode):
(KJS::BitwiseNotNode::emitCode):
(KJS::LogicalNotNode::emitCode):
(KJS::MultNode::emitCode):
(KJS::DivNode::emitCode):
(KJS::ModNode::emitCode):
(KJS::AddNode::emitCode):
(KJS::SubNode::emitCode):
(KJS::LeftShiftNode::emitCode):
(KJS::RightShiftNode::emitCode):
(KJS::UnsignedRightShiftNode::emitCode):
(KJS::LessNode::emitCode):
(KJS::GreaterNode::emitCode):
(KJS::LessEqNode::emitCode):
(KJS::GreaterEqNode::emitCode):
(KJS::InstanceOfNode::emitCode):
(KJS::InNode::emitCode):
(KJS::EqualNode::emitCode):
(KJS::NotEqualNode::emitCode):
(KJS::StrictEqualNode::emitCode):
(KJS::NotStrictEqualNode::emitCode):
(KJS::BitAndNode::emitCode):
(KJS::BitXOrNode::emitCode):
(KJS::BitOrNode::emitCode):
(KJS::LogicalAndNode::emitCode):
(KJS::LogicalOrNode::emitCode):
(KJS::ConditionalNode::emitCode):
(KJS::emitReadModifyAssignment): Allow an out argument separate from the operands,
needed for fixes below.
(KJS::ReadModifyResolveNode::emitCode): Fixed a codegen bug where the right side of
the expression may observe an intermediate value.
(KJS::AssignResolveNode::emitCode): Fixed a codegen bug where the right side of the
expression may observe an intermediate value.
(KJS::ReadModifyDotNode::emitCode): Fixed a codegen bug where the right side of the
expression may observe an intermediate value.
(KJS::ReadModifyBracketNode::emitCode): Fixed a codegen bug where the right side of the
expression may observe an intermediate value.
(KJS::CommaNode::emitCode): Avoid writing temporary value to dst register.
(KJS::ReturnNode::emitCode): Void return should return undefined, not null.
(KJS::FuncExprNode::emitCode):

Add op_resolve_base_and_property for read/modify/write operations,
this adds a "superinstruction" to resolve the base and value of a
property simultaneously. Just using resolveBase and resolve results
in an 5% regression in ubench, 30% in loop-empty-resolve (which is
expected). 1.3% progression in sunspider, 2.1% in ubench, with a
21% gain in loop-empty-resolve. The only outlier is function-missing-args
which gets a 3% regression that I could never resolve.

fix a codegen flaw that makes some tests run way too fast or way too slow

The basic problem was that FunctionCallResolveNode results in
codegen which can incorrectly write an intermediate value into the
dst register even when that is a local. I added convenience
functions to CodeGenerator for getting this right, but for now I
only fixed FunctionCallResolve.

VM/CodeGenerator.cpp:
(KJS::CodeGenerator::registerForLocal): Always return a register for
"this", even if we're not optimizing access to other locals. Because
"this" is a keyword, it's always in a register and always accessible.

VM/CodeGenerator.h:
(KJS::CodeGenerator::shouldOptimizeLocals): Factored out a function
for determining whether we should optimize access to locals, since
eval will need to make this test a little more complicated.

When growing the register file's buffer to make space for new globals,
make sure to copy accounting for the fact that the new space is logically
at the beginning of the buffer in this case, instead of at the end as when
growing for a new call frame.

Add validation and exception checks to SquirrelFish so that the
correct exceptions are thrown for undefined variables, type errors
and toObject failure. Also handle exceptions thrown by native
function calls.

(1) Don't shrink the register file to 0, since our caller may still
be using it.

(2) In case of exception, return jsNull() instead of 0 because,
surprisingly, some JavaScriptCore clients rely on a function's return
value being safe to operate on even if the function threw an exception.

Also:

Changed FunctionImp::callAsFunction to honor the new semantics of
exceptions not returning 0.

Renamed "handlerPC" to "handlerVPC" to match other uses of "VPC".

Renamed "exceptionData" to "exceptionValue", because "data" seemed to
imply something more than just a JSValue.

Merged prepareException into throwException, since throwException was
its only caller, and it seemed weird that throwException didn't take
an exception as an argument.

sunspider --squirrelfish does not seem to complain on my machine, but it
complains a little (.6%) on Oliver's.

Fixed op_construct for CallTypeNative to reacquire "r" before setting
its return value, since registerBase can theoretically change during the
execution of arbitrary code. (Not sure if any native constructors
actually make this possible.)

A re-entrant function call is the same as a normal function call with
one exception: the re-entrant call leaves everything except for
CallerCodeBlock in the call frame header uninitialized, since the call
doesn't need to return to JS code. (It sets CallerCodeBlock to 0, to
indicate that the call shouldn't return to JS code.)

Also fixed a few issues along the way:

Fixed two bugs in the read-write List implementation that caused
m_size and m_buffer to go stale.

Changed native call code to update "r" *before* setting the return
value, since the call may in turn call JS code, which changes the value
of "r".

Keep a stack of register files instead of just one. Globals propogate
between register files as the register files enter and exit the stack.

An activation still uses its own register file's base as its
registerBase, but the global object uses the register file *stack*'s
registerBase, which updates dynamically to match the register file at
the top of the stack.

There's a subtle change to the register file's internal layout: for
global code / the global object, registerOffset is always 0 now. In
other words, all register counting starts at 0, not 0 + (number of
global variables). The helps simplify accounting when the number of
global variables changes.

Initial support for exceptions in SquirrelFish, only supports finalisers in the
simple cases (eg. exceptions and non-goto/return across finaliser boundaries).
This doesn't add the required exception checks to existing code, it merely adds
support for throw, catch, and the required stack unwinding.

First step toward supporting re-entrant evaluation: Switch register
clients from using "registers", a pointer to a register vector, to
"registerBase", an indirect pointer to the logical first entry in the
register file. (The logical first entry is the first entry that is not
a global variable).

With a vector, offsets into the register file remain good when the
underlying buffer reallocates, but they go bad when the logical
first entry moves. (The logical first entry moves when new global
variables get added to the beginning of the register file.) With an
indirect pointer to the logical first entry, offsets will remain good
regardless.

1.4% speedup on sunspider --squirrelfish. I suspect this is due to
reduced allocation when creating closures, and reduced indirection
through the register vector.

wtf/Vector.h: Added an accessor for an indirect pointer to the vector's
buffer, which we currently use (incorrectly) for registerBase. This is
temporary scaffolding to allow us to change client code without
changing behavior.

Support for evaluating multiple scripts in the same global environment.
(Still don't support re-entrant evaluation yet.)

The main changes here are:

(1) Obey the ECMA 10.1.3 rules regarding how to resolve collisions when
a given symbol is declared more than once. (This patch fixes the same
issue for function code, too.)

(2) In the case of var and/or function collisions, reuse the existing
storage slot. For global code, this is required for previously
generated instructions to continue to work. For function code, it's
more of a "nice to have": it makes register layout in the case of
collisions easier to understand, and has the added benefit of saving
memory.

(3) Allocate slots in the CodeGenerator's m_locals vector in parallel
to register indexes in the symbol table. This ensures that, given an
index in the symbol table, we can find the corresponding RegisterID
without hashing, which speeds up codegen.

I moved responsibility for emitting var and function initialization
instructions into the CodeGenerator, because bookkeeping in cases where
var, function, and/or parameter names collide requires a lot of
internal knowledge about the CodeGenerator.

VM/CodeGenerator.cpp:
(KJS::CodeGenerator::addVar): Removed responsibility for checking whether
a var declaration overwrites "arguments", because the check is
inappropriate for global code, which may not have a pre-existing
"arguments" symbol in scope. Also changed this function to return a
boolean indicating whether addVar actually created a new RegisterID,
or just reused an old one.

(KJS::CodeGenerator::CodeGenerator): Split out the constructors for
function code and global code, since they're quite different now.

(KJS::CodeGenerator::registerForLocal): This function does its job
without any hashing now.

VM/Machine.cpp: Move old globals and update "r" before executing a
new script. That way, old globals stay at a constant offset from "r",
and previously optimized code still works.

VM/RegisterID.h: Added the ability to allocate a RegisterID before
initializing its index field. We use this for parameters now.

kjs/JSVariableObject.h:
(KJS::JSVariableObject::symbolTableGet): Changed the ungettable getter
ASSERT to account for the fact that symbol indexes are all negative.

Changed the code below to ASSERT_NOT_REACHED() and return 0, since it
can no longer retrieve LocalStorage from the ExecState. (Eventually,
we'll just remove this code and all its friends, but that's a task for
later.)

JavaScriptCore.exp: Export dumpRegisters, so it's visible to gdb even
if we don't explicitly call it in the source text.

VM/Machine.cpp:
(KJS::Machine::privateExecute): No need to call dumpRegisters anymore,
since that was just a hack for gdb's sake.

kjs/JSActivation.h: Removed obsolete comment.

VM/CodeGenerator.cpp: Added ASSERTs to verify that the localCount
we're given matches the number of locals actually allocated.

VM/CodeGenerator.h:
(KJS::CodeGenerator::CodeGenerator): Changed "localCount" to include
the parameter count, since we're using the word "local" to mean
parameter, var, function, or "this". Renamed "m_nextLocal" to
"m_nextVar", since "m_nextLocal" doesn't contrast well with
"m_nextParameter".

Added two new opcodes to get_pnames and next_pname to handle iterating
over the set of properties on an object. This iterator is explicitly
invalidated and the property name array is released on standard exit
from the loop, otherwise we rely on GC to do the clean up for us.

Change CodeGenerator::emitCall() so it increments the reference count of
registers passed to it, and change its callers so they don't needlessly
increment the reference count of the registers they are passing.

0.2% speedup overall, due to some inlining tweaks. 3.6% regression on
function-empty.js, since we're making a new virtual call and taking a
new branch inside every op_call.

I adjusted the JavaScriptCore calling convention to minimize overhead,
like so:

The machine calls a single virtual function, "getCallData", to get all
the data it needs for a function call. Native code still uses the old
"isObject()" check followed by an "implementsCall()" check, which
aliases to "getCallData". (We can optimize native code to use getCallData
at our leisure.)

To supply a list of arguments, the machine calls a new List constructor
that just takes a pointer and a length, without copying. Native code
still appends to the list one argument at a time. (We can optimize
native code to use the new List constructor at our leisure.)

kjs/CallData.h: Added.
(KJS::): CallData is a union because eventually native calls will stuff
a function pointer into it, to eliminate the callAsFunction virtual call.

kjs/function.cpp:
(KJS::FunctionImp::callAsFunction): Changed this to an ASSERT since
it's not implemented yet.

kjs/list.h: Made the List class two-faced, to support the old way and
the new way during this transition phase: lists can be made read-only
with just a pointer and a legnth, or you can append to them one item
at a time.

kjs/value.h:
(KJS::jsUndefined): Marked this function ALWAYS_INLINE for the benefit
of a certain compiler that doesn't know what's best for it.

Registers are printed as lr1 for locals, tr1 for temp registers. Identifiers print as
foobar(@id0) and constants print as "foo"(@k1) or 312.4(@k2) or the like. Constant and
identifier tables are dumped for reference.

Supply an implicit "this" value as the first argument to every function.
Alias the "this" keyword to that argument.

1% regression overall, 2.5% regression on empty function calls. Seems
like a reasonable cost for now, since we're doing more work.
(Eventually, we might decide to create a version of op_call specialized
for a known null "this" value.)

Added a loop context stack to the code generator to provide the
correct jump labels for continue and goto. Added logic to the
currently implemented loop constructs to manage entry and exit
from the loop contexts. Finally, implemented codegen for break
and continue (and a pass through for LabelNode)

DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.cpp:
(toCString): Added this helper function.
(testPostURLFile): Added. Writes the passed-in content to the
passed-in file and calls NPN_PostURL with the passed-in URL and
target.
(pluginInvoke): Added a case for testPostURLFile.

platform/graphics/win/GetEOTHeader.cpp:
(WebCore::getEOTHeader): MSVC complains that having a 0-sized array in
a struct is a non-standard extension. I've replaced the 0-sized arrays
with arrays of 1 element, and replaced sizeof(structType) with
offsetof(structType, arrayMember).

platform/text/TextCodecICU.cpp:
(WebCore::ErrorCallbackSetter::~ErrorCallbackSetter):
UCNV_SUB_STOP_ON_ILLEGAL is a string literal, so using == with it
doesn't really do what we want. Use strcmp instead. It's OK to pass an
unknown value to strcmp here since 1) UCNV_SUB_STOP_ON_ILLEGAL is only
a single character long so we're not going to ready more than 2 bytes
from oldContext, and 2) we're inside an ASSERT which will cause a
crash anyway if it fails.

win/tools/vsprops/common.vsprops: Add warning 4503 to the list of
disabled warnings. It's a warning about decorated names being longer
than MSVC's limit of 4096 characters. This warning doesn't indicate a
correctness problem, but these truncated decorated names will be
harder to recognize during debugging or when they appear in linker
errors.

platform/text/String.cpp:
(WebCore::toIntegralType): Disable a bogus warning about using unary -
on an unsigned value. MSVC isn't smart enough to figure out that
isNegative will always be false when value is unsigned.

Unfortunately we cannot create new statically optimised globals if there are any
tainted RegisterFiles on the RegisterFileStack. To handle this we re-introduce
(in a slightly cleaner form) the inImplicitCall concept to the RegisterFileStack.

xml/AccessControlList.cpp:
(WebCore::AccessControlList::parseAccessControlHeader): When multiple http headers are sent
in the response, the engine will concatenate them with commas separating the rules. This simply
reverses that process by splitting on the commas.
(WebCore::AccessControlList::show):

xml/AccessItemRule.cpp:
(WebCore::skipLWS):
(WebCore::AccessItemRule::parseAccessItemRule): Parse the rule according to the BNF provided by
the Access Control spec.
(WebCore::AccessItemRule::parsePatternList):
(WebCore::AccessItemRule::invalidate):
(WebCore::AccessItemRule::show):

loader/DocLoader.cpp:
(WebCore::DocLoader::clearPreloads): Be sure to decrease the preload count for
the cached resource before trying to remove it from the cache. A non-zero
preload count can prevent the resource from being removed from the cache.

Added a way for clients to let the cache know that they no longer need
font data, which lets the cache release it. Changed clients to track
most of the font data they get from the cache so that they can later
release it. Some instances of font data -- namely, those used for system
font fallback -- are still not tracked and will therefore remain in the
cache indefinitely.

platform/graphics/FontCache.cpp:
(WebCore::FontCache::getCachedFontData): Added code to track the number
of times a SimpleFontData instance has been requested from the cache,
remove requested instances from the inactive list, and purge inactive
font data if the inactive list has grown above its maximum allowed size.
(WebCore::FontCache::releaseFontData): Added. Called by clients to let
the cache know that they no longer need the font data. Adds the font
data to the inactive list if the last client has released it.
(WebCore::FontCache::purgeInactiveFontData): Added. Removes inactive
font data from the cache (and the inactive list).
(WebCore::FontCache::fontDataCount): Added to provide statistics.
(WebCore::FontCache::inactiveFontDataCount): Ditto.

platform/graphics/FontCache.h:

platform/graphics/FontData.h:
(WebCore::FontData::FontData): Added a member variable to store the
highest glyph page tree level in which there is a node for this FontData.
This is used to limit the depth of the search when pruning glyph page
trees.
(WebCore::FontData::setMaxGlyphPageTreeLevel): Added this accessor.
(WebCore::FontData::maxGlyphPageTreeLevel): Ditto.

platform/graphics/FontFallbackList.cpp:
(WebCore::FontFallbackList::FontFallbackList): Changed to start with a
refcount of 1.
(WebCore::FontFallbackList::invalidate): Added a call to
releaseFontData().
(WebCore::FontFallbackList::releaseFontData): Added. Lets the font cache
know that we no longer need the FontData in our font list.
(WebCore::FontFallbackList::fontDataAt): Changed to record in the font
list whether the font data is a custom font data or not.
(WebCore::FontFallbackList::setPlatformFont): Ditto.

platform/graphics/FontFallbackList.h:
(WebCore::FontFallbackList::create): Added and made the constructor
private.
(WebCore::FontFallbackList::~FontFallbackList): Added a call to
releaseFontData().

platform/graphics/SimpleFontData.cpp:
(WebCore::SimpleFontData::~SimpleFontData): Added code to let the font
cache know that we no longer need the small caps font data and to prune
the glyph page trees.

<rdar://problem/4859666> WebKit needs availability macros in order to deprecate APIs

Create WebKit availability macros that key off the Mac OS X version being targeted to
determine the WebKit version being targeted. Applications can define
WEBKIT_VERSION_MIN_REQUIRED before including WebKit headers in order to target a specific
version of WebKit.

The availability header is being added to JavaScriptCore rather than WebKit as JavaScriptCore
is the lowest-level portion of the public WebKit API.

Plugins/WebNetscapePluginEventHandlerCocoa.mm:
(WebNetscapePluginEventHandlerCocoa::keyDown):
(WebNetscapePluginEventHandlerCocoa::sendKeyEvent):
If the plug-in returns 0 when a NPCocoaEventKeyDown is passed to NPP_HandleEvent,
it means that the event should be passed on to the input manager.

Naively moving JavaScriptCore into thread-specific data was inappropriate in the face of
exiting JavaScriptCore API clients, which expect a different therading model. Temporarily
disabling ThreadSpecific implementation until this can be sorted out.

Fix scrolling issues by implementing transitionToCommittedNewPage() so the scroll positions are reset when a new page is loaded, and also maintained so that back and next restore the scroll positions as well. This also simplifies the logic for initializing and managing wxWebView.

Functions now save a shared subrange of the original source used
to make them (so in the common case this adds no storage above the
memory cache).

kjs/SourceProvider.h: Added.
(KJS::SourceProvider): New abstract base class for classes that provide on-demand access
to the source for a JavaScript program. This allows function objects to have access to their
original source without copying.
(KJS::UStringSourceProvider): SourceProvider subclass backed by a KJS::UString.
(KJS::UStringSourceProvider::create):
(KJS::UStringSourceProvider::getRange):
(KJS::UStringSourceProvider::data):
(KJS::UStringSourceProvider::length):
(KJS::UStringSourceProvider::UStringSourceProvider):

kjs/SourceRange.h: Added.
(KJS::SourceRange::SourceRange): Class that holds a SourceProvider and a character range into
the source, to encapsulate on-demand access to the source of a function.
(KJS::SourceRange::toString):

VM/Machine.cpp:
(KJS::eval): Pass a UStringSourceProvider to the parser.

kjs/Parser.cpp:
(KJS::Parser::parse): Take a SourceProvider and pass it on to the lexer.

kjs/Parser.h:
(KJS::Parser::parse): Take a SourceProvider.

kjs/lexer.cpp:
(KJS::Lexer::setCode): Take a SourceProvider; keep it around, and
use it to get the raw buffer and length.

kjs/lexer.h:
(KJS::Lexer::sourceRange): Convenience function to get a source
range based on the lexer's source provieder, and char offsets
right before and after the desired range.

kjs/function.cpp:
(KJS::globalFuncEval): Pass a UStringSourceProvider to the parser.

kjs/function_object.cpp:
(KJS::functionProtoFuncToString): Use toSourceString to get the source.
(KJS::FunctionObjectImp::construct): Give the parser a UStringSourceProvider.

kjs/grammar.y: When parsing a function declaration, function
expression, or getter or setter, tell the function body about its
SourceRange.

kjs/interpreter.cpp:
(KJS::Interpreter::checkSyntax): Pass a SourceProvider to the parser.
(KJS::Interpreter::evaluate): Pass a SourceProvider to the parser.

kjs/interpreter.h:

kjs/nodes.h:
(KJS::FunctionBodyNode::setSource): Establish a SourceRange for this function.
(KJS::FunctionBodyNode::toSourceString): Get the source string out
of the SourceRange.
(KJS::FuncExprNode::): Take a SourceRange and set it on the body.
(KJS::FuncDeclNode::): ditto

kjs/testkjs.cpp:
(prettyPrintScript): Use a SourceProvider appropriately.

JSRun.cpp:
(JSRun::Evaluate): Use UString version of eveluate() instead of
the now departed UChar*/length variant; use of the lower-level
version was gratuitous in any case.
(JSRun::CheckSyntax): Ditto for checkSyntax().